Commit Graph

42658 Commits

Author SHA1 Message Date
Boris Fiuczynski
001b482e30 schemas: Refactor launch security
Change launch security to make it reusable for other types.

Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
2021-07-21 13:04:31 +02:00
Michal Privoznik
bab44aa963 qemu_migration: Unregister close callback only if connection still exists
When doing a peer-to-peer migration it may happen that the
connection to the destination disappears. If that happens,
there's no point in trying to unregister the close callback
because the connection is closed already. It results only in
polluting logs with this message:

  error : virNetSocketReadWire:1814 : End of file while reading data: : Input/output error

and the reason for that is unregistering a connection callback
results in RPC (among other things).

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1918211
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
2021-07-21 10:24:09 +02:00
Tim Wiederhake
bd7d60ac52 virIdentityEnsureSystemToken: Fix error message
This appears to be a copy-paste mistake from the check directly above.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
2021-07-21 09:51:56 +02:00
Daniel P. Berrangé
429312d686 meson: disable bogus warnings from sanitizers on Fedora
When building with sanitizers on Fedora we get a wierd error
message

In file included from /usr/include/string.h:519,
                 from ../src/internal.h:28,
                 from ../src/util/virsocket.h:21,
                 from ../src/util/virsocketaddr.h:21,
                 from ../src/util/virnetdevip.h:21,
                 from ../src/util/virnetdevip.c:21:
In function ‘memcpy’,
    inlined from ‘virNetDevGetifaddrsAddress’ at ../src/util/virnetdevip.c:702:13,
    inlined from ‘virNetDevIPAddrGet’ at ../src/util/virnetdevip.c:754:16:
/usr/include/bits/string_fortified.h:29:10: error: ‘__builtin_memcpy’ offset [2, 27] from the object at ‘addr’ is out of the bounds of referenced subobject ‘ss_family’ with type ‘short unsigned int’ at offset 0 [-Werror=array-bounds]
   29 |   return __builtin___memcpy_chk (__dest, __src, __len,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   30 |                                  __glibc_objsize0 (__dest));
      |                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from /usr/include/bits/socket.h:175,
                 from /usr/include/sys/socket.h:33,
                 from ../src/util/virsocket.h:66,
                 from ../src/util/virsocketaddr.h:21,
                 from ../src/util/virnetdevip.h:21,
                 from ../src/util/virnetdevip.c:21:
../src/util/virnetdevip.c: In function ‘virNetDevIPAddrGet’:
/usr/include/bits/socket.h:193:5: note: subobject ‘ss_family’ declared here
  193 |     __SOCKADDR_COMMON (ss_);    /* Address family, etc.  */
      |     ^~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

The code is correct, and this only happens when building at -O2.

The docs for -Warray-bounds say that a value of "2" is known to
be liable to generate false positives. Rather than downgrade the
check everywhere, we do it selectively for sanitizers.

Reviewed-by: Tim Wiederhake <twiederh@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-07-20 16:07:09 +01:00
Kristina Hanicova
b0b5820efe genericxml2xmltest: Modify cachetune test to include id
I changed DO_TEST_DIFFERENT to DO_TEST, which allows us to remove
the duplicate out file. I also added id attribute for domain
element in order to parse it as a live XML ('cachetune id' is in
the output of only live XMLs). Lastly I added id of cachetune to
test its output value.

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-20 16:43:46 +02:00
Kristina Hanicova
b78bfd4c54 docs: Allow 'id' attribute for 'cachetune' element
Even though 'id' attribute is output-only, we should accept xml
files containing it.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1941594

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-20 16:43:46 +02:00
Daniel P. Berrangé
5f14729bbe docs: add kbase article on how to configure core dumps for QEMU
Enabling core dumps is a reasonably straightforward task, but is not
documented clearly. This page provides as easy link to point users
to when they need to debug QEMU.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-07-20 14:24:11 +01:00
Tim Wiederhake
8ad2882cb6 testQemuGetLatestCaps: Remove superfluous gotos
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 16:39:41 +02:00
Tim Wiederhake
0b710cdaab testQemuGetLatestCaps: Use automatic memory management
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 16:39:41 +02:00
Tim Wiederhake
ac60a87f2b testQemuGetLatestCaps: virHashNew cannot return NULL
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 16:39:41 +02:00
Tim Wiederhake
7db3db301c qemuMonitorJSONGetAllBlockJobInfo: Remove superfluous gotos
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 16:39:41 +02:00
Tim Wiederhake
5b7e88322d qemuMonitorJSONGetAllBlockJobInfo: Use automatic memory management
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 16:39:41 +02:00
Tim Wiederhake
12ee3b35c6 qemuMonitorJSONGetAllBlockJobInfo: virHashNew cannot return NULL
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 16:39:41 +02:00
Tim Wiederhake
91fc0a36aa qemuMonitorGetPRManagerInfo: Remove superfluous gotos
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 16:39:41 +02:00
Tim Wiederhake
cdcbdd25e1 qemuMonitorGetPRManagerInfo: Use automatic memory management
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 16:39:41 +02:00
Tim Wiederhake
df27180d49 qemuMonitorGetPRManagerInfo: virHashNew cannot return NULL
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 16:39:41 +02:00
Tim Wiederhake
99292979e3 qemuStateInitialize: virHashNew cannot return NULL
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 16:39:41 +02:00
Jim Fehlig
b0220b2e27 qemu: migration: Use correct flag when preparing block dirty bitmaps
qemuMigrationSrcRunPrepareBlockDirtyBitmaps receives the flags parameter
from qemuMigrationSrcRun, where flags are based on the main API enum
values. Similar to commit f58349c9c6, use the main API enum instead of
internal driver enum when checking flags in
qemuMigrationSrcRunPrepareBlockDirtyBitmaps.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 07:58:44 -06:00
Jiri Denemark
364995ed57 qemu: Signal domain condition in qemuProcessStop a bit later
Signaling the condition before vm->def->id is reset to -1 is dangerous:
in case a waiting thread wakes up, it does not see anything interesting
(the domain is still marked as running) and just enters virDomainObjWait
where it waits forever because the condition will never be signalled
again.

Originally it was impossible to get into such situation because the vm
object was locked all the time between signaling the condition and
resetting vm->def->id, but after commit 860a999802 released in 6.8.0,
qemuDomainObjStopWorker called in qemuProcessStop between
virDomainObjBroadcast and setting vm->def->id to -1 unlocks the vm
object giving other threads a chance to wake up and possibly hang.

In real world, this can be easily reproduced by killing, destroying, or
just shutting down (from the guest OS) a domain while it is being
migrated somewhere else. The migration job would never finish.

So let's make sure we delay signaling the domain condition to the point
when a woken up thread can detect the domain is not active anymore.

https://bugzilla.redhat.com/show_bug.cgi?id=1949869

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-19 15:49:16 +02:00
Tim Wiederhake
370ac3d25c virThreadPoolNewFull: Prevent expanding worker pool by zero
On libvirtd startup, the list of priority worker threads is uninitialized
(`pool->prioWorkers` is NULL), and then "expanded" to zero (`prioWorkers`)
entries.

This causes `virThreadPoolExpand` to call `VIR_EXPAND_N` on a null pointer
and an increment of zero. The zero increment triggers `virReallocN` to not
actually allocate any memory and leave the pointer NULL, which, eventually,
causes `memset(NULL, 0, 0)` to be called in `virExpandN`.

`memset` is declared `__attribute__ ((__nonnull__ 1))`, which triggers the
following warning when libvirt is compiled with address sanitizing enabled:

    $ meson -Dbuildtype=debug -Db_lundef=false -Db_sanitize=address,undefined
    build && ninja -C build
    $ ./build/run build/src/libvirtd
    src/util/viralloc.c:82:5: runtime error: null pointer passed as
    argument 1, which is declared to never be null

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-19 13:27:22 +02:00
Tim Wiederhake
bf46fac4e4 viralloc: Delete VIR_INSERT_ELEMENT_COPY and VIR_INSERT_ELEMENT_COPY_INPLACE
There are no users left.

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-19 12:48:42 +02:00
Tim Wiederhake
b2435f10ac virQEMUCapsGetMachineTypesCaps: Use GPtrArray
This simplyfies the code a bit and removes one "goto", one "VIR_FREE",
and one "VIR_INSERT_ELEMENT_COPY".

Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-19 12:48:30 +02:00
Luke Yue
3ea1ec7fa2 test_driver: Implement virDomainGetControlInfo and add test
As test driver won't have real background job running, in order to get
all possible states, the time is used here to decide which state to be
returned. The default time will get `ok` as return value.

Note that using `virsh domtime fc4 200` won't take effect for the test
driver, to get other states, you have to enter virsh interactive
terminal and set time.

Signed-off-by: Luke Yue <lukedyue@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-19 11:42:00 +02:00
Peter Krempa
e7ad645a8e qemu: Fix crash in virQEMUCapsProbeQMPTPM
If the queried QMP command doesn't exist qemuMonitorGetTPMModels returns
0 but sets the string list to NULL which isn't accepted by
g_strv_contains.

Fixes: a5bc5f0ecf
Reported-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
2021-07-19 11:33:46 +02:00
Jonathon Jongsma
26136e3b86 virsh: allow nodedev-list --all --tree
Allow the tree view with --all so that we can see all inactive mdevs in
a tree structure nested under their parent devices.

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Shalini Chellathurai Saroja <shalini@linux.ibm.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-19 11:32:12 +02:00
Jonathon Jongsma
51fbbfdce8 nodedev: fix parent device of inactive mdevs
Inactive mdevs were simply formatting their parent name as the value
received from mdevctl rather than looking up the libvirt nodedev name of
the parent device. This resulted in a parent value of e.g.
'0000:5b:00.0' instead of 'pci_0000_5b_00_0'. This prevented defining a
new mdev device from the output of nodedev-dumpxml.

Unfortunately, it's not simple to fix this comprehensively due to the
fact that mdevctl supports defining (inactive) mdevs for parent devices
that do not actually exist on the host (yet). So for those persistent
mdev definitions that do not have a valid parent in the device list, the
parent device will be set to the root "computer" device.

Unfortunately, because the value of the 'parent' field now depends on
the configuration of the host, the mdevctl parsing test will output
'computer' for all test devices. Fixing this would require a more
extensive mock test environment.

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1979761

Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Shalini Chellathurai Saroja <shalini@linux.ibm.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-19 11:25:43 +02:00
Tim Wiederhake
00d34a085c virNWFilterDHCPSnoopInit: virHashNew cannot return NULL
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 09:39:15 +02:00
Tim Wiederhake
420f5204cf virNWFilterBuildAll: virHashNew cannot return NULL
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 09:39:15 +02:00
Tim Wiederhake
0609995d43 virNWFilterBindingObjListNew: virHashNew cannot return NULL
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 09:39:15 +02:00
Tim Wiederhake
ac184eea7c virNWFilterBindingDefForNet: Remove superfluous gotos
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 09:39:15 +02:00
Tim Wiederhake
9c1a29c75b virNWFilterBindingDefForNet: Use automatic memory management
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 09:39:15 +02:00
Tim Wiederhake
7426512799 virNWFilterBindingDefForNet: virHashNew cannot return NULL
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 09:39:15 +02:00
Tim Wiederhake
e9109f3135 virNWFilterBindingDefCopy: Remove superfluous gotos
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 09:39:15 +02:00
Tim Wiederhake
c8efa1d223 virNWFilterBindingDefCopy: Use automatic memory management
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 09:39:15 +02:00
Tim Wiederhake
3f2dcd7f14 virNWFilterBindingDefCopy: virHashNew cannot return NULL
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 09:39:15 +02:00
Tim Wiederhake
f7e30a49cc conf: Add AUTOPTR_CLEANUP_FUNC for virNWFilterBindingDef
Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-19 09:39:15 +02:00
Peter Krempa
16cb11a66a network: Allow adding DNS entries sharing hostname for multiple addreses
Having multiple addresses having same hostname is a common config either
to have IPv4 and IPv6 address for the same hostname or even for DNS
round robin. The validation in the network update code didn't allow
adding such entries despite the fact that it is possible to define a
network with them.

Don't check hostname duplicity when adding a DNS entry.

The update of the test case adds another entry for the 'pudding'
hostname which is added in one of the networkxml2xmlupdate test cases.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-16 14:50:57 +02:00
Peter Krempa
21ad1dcd32 networkxml2xmltest: Add example of multiple addresses having the same hostname
Having multiple addresses for the same hostname is a legitimate
configuration in DNS. Add test data to cover this case.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-16 14:50:45 +02:00
Kristina Hanicova
133d05a15e qemu: capabilities: fill in domcaps <memoryBacking>
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-15 15:13:04 +02:00
Kristina Hanicova
e27e22585a conf: domcaps: Report <memoryBacking>
We need to report via domcapabilities if specifying shared memory
is supported without hugepages or numa config in order to find
out if domain has suitable setup to make virtiofs work.
The solution is to report source types of memory backing to
determine if memfd is a valid option.

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-15 15:13:04 +02:00
Martin Kletzander
439eaf6399 whitespace clean-ups
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2021-07-15 14:50:48 +02:00
Martin Kletzander
e2bc2dfa1e util: Make one debug message nicer
This was bothering someone as the debug message looked like there was an issue
despite it being just a debug message.  Change it to what is actually happening
and why the name is being skipped.

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2021-07-15 14:50:48 +02:00
Daniel P. Berrangé
b9533b5ecf ci: refresh cirrus variables for FreeBSD python rename
All the python packages got renamed from py37- to py38-

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2021-07-15 11:10:52 +01:00
Kristina Hanicova
c39757f700 qemu: Do not erase duplicate devices from namespace if error occurs
If the attempt to attach a device failed, we erased the
unattached device from the namespace. This resulted in erasing an
already attached device in case of a duplicate. We need to check
for existing file in the namespace in order to determine erasing
it in case of a failure.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1780508

Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-15 12:00:24 +02:00
Kristina Hanicova
cbcde4df3b virprocess: Return retval of the child on success, not 0
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-15 12:00:21 +02:00
Kristina Hanicova
b0ef407c65 qemu: Check for existing file in namespace
Signed-off-by: Kristina Hanicova <khanicov@redhat.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-15 12:00:17 +02:00
Jim Fehlig
3c18bc304e Apparmor: Add profile for virtxend
A new apparmor profile initially derived from the libvirtd profile.
All rules were prefixed with the 'audit' qualifier to verify they
are actually used by virtxend. It turns out that several, beyond
the obvious ones, can be dropped in the resulting virtxend profile.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Neal Gompa <ngompa13@gmail.com>
2021-07-14 09:16:58 -06:00
Jim Fehlig
ccba72b414 Apparmor: Add profile for virtqemud
A new apparmor profile derived from the libvirtd profile, with non-QEMU
related rules removed. Adopt the libvirt-qemu abstraction to work with
the new profile.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Reviewed-by: Neal Gompa <ngompa13@gmail.com>
2021-07-14 09:16:58 -06:00
Olaf Hering
75803d16ee apparmor: Allow /usr/libexec for private xen-tools binaries
This is a followup for commit e906c4d02b
("apparmor: Allow /usr/libexec for libxl-save-helper and pygrub"):

In recent rpm versions --libexecdir changed from /usr/lib64 to
/usr/libexec. A plain rpmbuild %configure in xen.git will install all
files, including the private copies of qemu, into /usr/libexec/xen/bin.
Expand the existing pattern to cover also this libexecdir variant.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
2021-07-14 17:07:22 +02:00
Michal Privoznik
bfca889122 virfile: Update example use of virDirRead()
We have an example in virDirRead() documentation on how to use
the function. In there, the directory structure is plain DIR, but
that won't work anymore. Switch over to g_autoptr(DIR) which is
what we use now.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
2021-07-14 17:03:19 +02:00